/* ===================

AX2E (AXESCON XACML 2.0 Engine) is the Java authorization engine, which implements OASIS XACML 2.0 standard.
Copyright (C) 2007 AXESCON LLC

This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
version 2.1 of the License, or (at your option) any later version.

This library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
Lesser General Public License for more details.

You should have received a copy of the GNU Lesser General Public
License along with this library; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA


Contact: AXESCON LLC - info{at}axescon.com

 =================== */
package axescon.xacml.engine.alg;

import axescon.xacml.api.CtxHandler;
import axescon.xacml.api.XacmlException;
import axescon.xacml.api.alg.RuleCombAlg;
import axescon.xacml.engine.PolicyEvaluatorImpl;
import axescon.xacml.model.ctx.Result;
import axescon.xacml.model.ctx.XacmlCtx;
import axescon.xacml.model.ctx.impl.ResultImpl;
import axescon.xacml.model.policy.Rule;
import axescon.xacml.model.policy.RuleCombinerParameters;
import axescon.xacml.model.shared.Decision;
import axescon.xacml.model.shared.Effect;


/**
 * @author argyn
 *         Date: Jun 27, 2005
 *         Time: 11:09:19 PM
 *         Responsibilities: represents XACML Deny-overrides Rule Combining algorithm
 *         see spec 2.0 ch. C.1 and C.2
 *         id: urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:deny-overrides
 *         id: urn:oasis:names:tc:xacml:1.1:rule-combining-algorithm:ordered-deny-overrides
 */
public class OrderedDenyOverridesRuleAlg implements RuleCombAlg {

    public OrderedDenyOverridesRuleAlg() {
    }

    public Result combine(Rule[] rules, XacmlCtx req, CtxHandler ch, RuleCombinerParameters[] params, PolicyEvaluatorImpl pdp) throws XacmlException {
        boolean atLeastOneError = false;
        boolean potentialDeny = false;
        boolean atLeastOnePermit = false;
        Result indeterminateResult = null;

        for (int i = 0; i < rules.length; i++) {
            Rule rule = rules[i];
            Result result = pdp.getRuleEvaluator().eval(rule, ch, req);
            byte decision = result.getDecision();
            if (decision == Decision.BYTE_DENY) {
                return result;
            }
            if (decision == Decision.BYTE_PERMIT) {
                atLeastOnePermit = true;
                continue;
            }
            if (decision == Decision.BYTE_NOT_APPLICABLE) {
                continue;
            }
            if (decision == Decision.BYTE_INDETERMINATE) {
                atLeastOneError = true;

                if (rule.getEffect() == Effect.BYTE_DENY) {
                    potentialDeny = true;
                }

                // spec doesn't say which error to return, so we'll return the last one
                // we use the result instead of creating new Indeterminate, because
                // there could be error codes and other tracking info
                indeterminateResult = result;

            }
        }
        if (potentialDeny) {

            return indeterminateResult;
        }
        if (atLeastOnePermit) {
            Result ret = new ResultImpl();
            ret.setDecision(Decision.BYTE_PERMIT);

            return ret;
        }
        if (atLeastOneError) {
            return indeterminateResult;
        }
        Result ret = new ResultImpl();
        ret.setDecision(Decision.BYTE_NOT_APPLICABLE);
        ret.setResourceId(ch.getResourceId(req));
        return ret;
    }


}
